Hearthstone Hack Thread

[Nightshadess]

Hello Everyone, I'm Making this Thread, so as you can see, the title say all.

So here some info:

You can change Cards (visual) change the amount of dust, change the amount of gold, change the amount of gold per quest*.
*Take note that the cards changed/gold/dust are only visual, it's needed to exploit the asm of the game, to trick the server with a good request so perhaps it will not be visual forever =D.

The Test that i've done:

If you go in your hearthstone install folder, most of you has notice that you have 2 file:

manifest-achieves.csv (quest rewards-Hero, achievement etc) (you can set 6000 gold a quest, and get them in game (only visual) the server will still grant you only +60 gold for exemple)

manifest-cards.csv (All Cards-ID)

For exemple you have "Ysera" in your deck, but you want to get "Death Wing" in your deck just to joke.
So what i've done is changing the ENUM_ID** of these 2 cards

**1186,EX1_572,1,4 //Ysera
**834,NEW1_030,1,4 //Death Wing

So in-game in your "collection" in your deck you will see ysera changed into death Wing, so the main idea was to remove the deathwing (ysera) to Request a packet to the server that you have removed the cards to get +1 DeathWing in your collection (while not owning the card),

But i think the server also do RequestLastDeckList to ensure that the server(player) is owner of the card.

And some fast research:

---[Craft]---
--[Read Access]--

20BF3978 - 8B 47 08 - mov eax,[edi+08] //Click on card to be crafted
20BF3BB2 - 8B 46 08 - mov eax,[esi+08] //Click on card to be crafted
20BF3998 - 8B 47 08 - mov eax,[edi+08] //After Clicking on CRAFT BUTTON
20BF9195 - 8B 52 08 - mov edx,[edx+08] //Valiate the craft* when you "click" after the craft

---[Dust]---
--[Read Access]--

mono.dll+10B385 - 8B 0E - mov ecx,[esi] //Click on card to be crafted (also executed doing nothing or in craft menu)
20BF15D4 - 89 86 A0000000 - mov [esi+000000A0],eax //Click on card to be crafted
20BF384C - 8B 89 A0000000 - mov ecx,[ecx+000000A0] //Click on card to be crafted
0482ED63 - 8B 89 A0000000 - mov ecx,[ecx+000000A0] //Click on card to be crafted
20BF375A - 8B 92 A0000000 - mov edx,[edx+000000A0] //Click on card to be crafted
20C06CBB - 8B 89 A0000000 - mov ecx,[ecx+000000A0] //After Clicking on Craft Button
20C06CE6 - 89 88 A0000000 - mov [eax+000000A0],ecx //After Clicking on Craft Button
20C1B9A6 - 8B 89 A0000000 - mov ecx,[ecx+000000A0] //After crafting, pressing "cancel button to refund dust"
20C1B9D1 - 89 88 A0000000 - mov [eax+000000A0],ecx //After crafting, pressing "cancel button to refund dust"

---[Dust]---
--[Write Access]--

20BF15D4 - 89 86 A0000000 - mov [esi+000000A0],eax //Click on card to be crafted
20C06CE6 - 89 88 A0000000 - mov [eax+000000A0],ecx //After Clicking on CRAFT BUTTON

/!\ These Adresses are useless, it's from non-static memory /!\

I need help with someone skilled in ASM because i can't get the static module of these addresses, even with backtracing the adresses, it's like Hearthstone.exe+(adresses)+ptr ...

Thanks <!<
~Nightshadess

[Jakious]

I really don't know much about this kind of stuff, just adding my interest and I'll check back on this thread every now and then. Good luck!

[Nightshadess]

I really don't know much about this kind of stuff, just adding my interest and I'll check back on this thread every now and then. Good luck!

This was just for info, until the moderator create a forum with hearthstone exploit/hack... i'm not gonna put week on research... i'm not motivated to do that alone, i'm (mid) skilled in reverse-engineering, it's hard & take alot of time.

And alone it's just boring, better 2 brain than 1 :P.
Also i think this game is 100% server-sided and i doubt if it's possible via the client to exploit that...done so many test to get no result, well the only thing that i haven't test, it's to make my own packet sniffer, and send packet or even create some custom .dll to inject... i'm not programmer so here my weakness =D.

[Jakious]

This was just for info, until the moderator create a forum with hearthstone exploit/hack... i'm not gonna put week on research... i'm not motivated to do that alone, i'm (mid) skilled in reverse-engineering, it's hard & take alot of time.

And alone it's just boring, better 2 brain than 1 :P.
Also i think this game is 100% server-sided and i doubt if it's possible via the client to exploit that...done so many test to get no result, well the only thing that i haven't test, it's to make my own packet sniffer, and send packet or even create some custom .dll to inject... i'm not programmer so here my weakness =D.

Yeah true. Hey have you got any experience with making bots? I was thinking that it would be cool if we could make a bot that played practice matches over and over again. You get EXP for these so you can get gold cards! Of course a play mode one would be better but it's just too hard.
So if you made a practice mode bot which ended turn over and over again, you would get EXP to level up in any class.
I'd be happy to help, I just have no idea what to do :F

[Nightshadess]

Yeah true. Hey have you got any experience with making bots? I was thinking that it would be cool if we could make a bot that played practice matches over and over again. You get EXP for these so you can get gold cards! Of course a play mode one would be better but it's just too hard.
So if you made a practice mode bot which ended turn over and over again, you would get EXP to level up in any class.
I'd be happy to help, I just have no idea what to do :F

xD this would sux, the experience is based on card destroyed/attacked, you will not get any exp in "training vs AI" by just "turning your turn" =),
just use speedhack with an undetected cheat engine then spam card, loose in 10s get exp.

But even with SpeedHack this take alot of time lol.

Ps: you can still make an easy bot with autoIT.

[ngdik]

Thanks!
But I have a problem,
How can I get the cards' name by the cards_id,
and the manifest-cards.csv is including the cards_id and two numbers,
I want to know the other two numbers' meaning,such as the cards' kind or mana value?
Thanks!

[toblirome]

Wish i even had a key -.^

[Belkamaniac]

I noticed that there is some Turn hack/glitch in hearthstone that gives you endless turn.
I don’t really know is it a bug or hack, but everyone says its a hack.
someone have any info on this?

youtube(dot)com/watch?v=OS6xaAPP7Vw (i am not allowed to post links)